To start with I am not a security professional, in fact I am on the other end of the spectrum. In the opinion of people on this site what would you choose for secure internet browsing. I will be accessing interactive websites and making transactions.

It is absolutely essential that my real IP remains secret and immune to attacks. I will be using sites that have adopted an aggressive attitude to blocking certain geographic locations and have engineers and software that attempt to discover real locations (beyond simple IP check).

I have seen this question posed on this site and various others, most responses detailed the merits of various combinations VPS with SSH being one example though others suggestion socks 5 with SSH sock with VPN.

After a while its starts sounding like Chinese to me. Also the number of options is overwhelming. Could someone give me a heads up on what they would personally choose for the above problem?

1 Answer
1

First off, you need to realize that you're asking for anonymity and confidentiality. Those don't always go together, and if you don't keep both goals in mind, you will wind up with confidentiality (which is what SSH, SSL, and OpenVPN are more designed for) but miss out on anonymity.

Second, you really need to read some documentation on whatever solution is recommended to you. Only you know your exact requirements, and this stuff isn't actually terribly difficult to figure out if you take the time to understand it. I'd hate to give you advice based on a paragraph of explanation when it sounds like there may be real consequences for you if things go badly.

With that said:

Look at Tor - https://www.torproject.org/ - to start with. There is a lot of documentation on the site about what it can and cannot do. There's also a lot of the principles of anonymity on the site that will be good background reading for you.

You could also look at anonymizing web proxies, like Anonymizer and Proxyfy (disclaimer: I haven't used either in years). Again, read about them.

Finally, realize that anonymity is difficult to ensure. If you use an anonymizing service whose servers are in a jurisdiction that cares about you (e.g., if you're American and you use an American proxy), the government can just go to the proxy with a subpena and a gag order and you'll never find out until it's too late. The jurisdiction question is more complex than I'm making it sound, too; you have to consider which countries would be willing to work with each other. That's not a straightforward topic.

Finally, if you really do care about both anonymity and strong confidentiality, you probably need to combine anonymization techniques with a VPN of some sort, or with SSL if you're very careful. It's wise to expect anonymizing proxies, Tor, and the rest to be monitoring and even tampering with anything you do, so for anything important, I'd definitely use crypto. SSL is the most natural fit, but be very sure to validate certificates properly, since there are SSL-snooping proxies out there that play games with certificates.

If you're interested in rolling your own solution and you have enough cash, you could get virtual private servers in a few different, orthogonal jurisdictions - very carefully - and knit together an openvpn or SSH tunnel from end to end. Just remember that traffic from the last hop ("exit node") to the final destination is always going to be unencrypted and non-anonymous, in the sense that it can be traced directly back to the exit node (but no further if you're careful).

I'll repeat one more time - this isn't something you should just get advice on from a stackexchange post. If this is meaningful to you (and it sounds like you're concerned about meaningful consequences), you should spend the time it takes to get comfortable with the issues involved.